~ My CCIE Wireless Journey & More…..

A Wireless Bridge with QoS

In this post we will look at a wireless bridge configuration with QoS. Here is the topology for this post.

A VoIP phone (vlan 1) and a Laptop (vlan 6) is connected to a 2960 Switch where it is connected to Non-Root Bridge AAP2 (3502). A 3750 switch connected to a Root Bridge AAP1 (1142) where a wireless bridge is setup between AAP1 & AAP2 with native vlan 999 . All SVI, DHCP pools are defined on 3750 switch. A wireless phone is connected to network via a LAP (L1130) controlled by a WLC (4402-3)

I have not used any security for encryption/authentication (for simplicity). Also only configure 5 GHz (int d1). Here is the Root Bridge (AAP1) configuration looks like.

Now if you want to make sure QoS is configured end to end (VoIP phone to wireless phone) you can verify it like this. We will start from the 7965 end.

1. Since Phone is connected to switchport where voice vlan is configured, you have to trust CoS on R2960 G 0/1. You have to ensure QoS is enabled on switch & CoS to DSCP maps 5-> 46 & 3-> 26 for at least these two type of traffic (if you want any other DSCP values you can change this mapping table).

2. Then AAP2 is connected to R2960 via a trunk port. For the traffic coming from phone already trusted at G0/1, so that configuring QoS on G0/8 won’t impact traffic initiating from 7965. But traffic coming to 7965 is going to be impacted by the QoS config on G 0/8. Since AAP2 translated wireless frame UP value on to CoS value before sending it to R2960, you have to trust CoS in G0/8.

3. You need to make sure 802.11e to AVVID mapping happening at the AAP2. This will ensure Priority 6 value converted to CoS 5 for RTP traffic & Priority 4 value converted to CoS 3 for SCCP signalling traffic (vice versa as well). By default radio interfaces is trusting WMM UP values of wireless frames. If not you have to enable it “dot11 qos mode wmm” CLI command under radio interface.

AAP2#
dot11 priority-map avvid

Similar concept applies to AAP1 where you have to enable 802.11e to AVVID mapping.

AAP1#
dot11 priority-map avvid

4. For AAP1 connected switchport, you have to trust CoS as user traffic comes with 802.1q header which include CoS value set by AAP1.

6.Since SCCP signalling traffic is going between CME & phones (7965 & 7921), you have to trust packet marking of CME on the port fa1/0/14 of 3750. Since this is access port, only DSCP value exist on the packets coming from CME. So trust DSCP is the only choice.

Once you configure like this you could make sure end to end traffic QoS is preserved across you network.

I have taken two packet captures, one by SAPN port G0/8 of R2960 switch & the othe one by sniffing wireless packet in 5 GHz to see what’s going on the bridge.

Here is the SCCP & RTP traffic coming from the 7965 VoIP phone. You can see SCCP traffic comes with CoS of 3 & Voice traffic comes with CoS of 5.

If you look at the traffic to 7965 VoIP phone it will looks like this. You can see RTP traffic comes with CoS 5 & SCCP traffic comes with CoS 3. This proves end to end QoS is preserved from wireless phone to wired phone.

Now if you look at a wireless capture it will looks like this. Since AAP1 to AAP2 , it use IAPP (Inter Access Point Protocol) or 802.11f-2003 wireshark capture shows as “Encapsulated Ethernet” in the data section.

But you can verify wireless header information as below. You can verify BSSID of AAP1 & AAP2, then determine packets direction.

Based on the above information you can see the below frame is from AAP2 to AAP1. Based on the User Priority of wireless frame we can tell it is signalling traffic (SCCP) going from 7965 to CME. Since we configured “dot11 priority-map avvid” on AAP1 these priority value translate to CoS of 3 when it goes to 3750 fa1/0/11.

Here is the return traffic coming from AAP1 to AAP2, as you can see it has the similar priority in wireless frames.

Here is the RTP traffic wireless captures where you can see traffic comes with priority value of 6 in wireless frames.

Update @4th Aug:
I found the Wireshark version (1.6.1) I used for the above did not have the capability to decode IAPP messages. But when I installed the latest version of wireshark (1.10.1) I was able to see full information even inside the IAPP.

Here is the packet capture of SCCP traffic going from wired phone to CME within the wireless bridge. You can see clearly original dot1q packet came from phone (with Prioirty 3 & Vlan ID 1) convert into 802.11 frame with priority 4

Here is the wireless capture of RTP traffic going from Wired Phone. As you can see original 802.1q (Priority 5 & Vlan ID 1) packet is going inside IAPP. In wireless frame Priority will be 6.

i am hitting my lab again soon, and it will be my Third Attempt. i am digging more into QoS for wireless bridges and have the following in my mind:

1) if i have dot1q tags and VLAN’s passing between bridges and connected on trunk from switch side then it is safe to trust COS on switch side . and use dot11 priority map avvid only to do proper mapping between 802.11e and dot1P cos Tags.
please correct me if i am mistaken.

2) if i am using only one single VLAN ( no dot1q tags) and my bridge is connected to an access port , then there is no use of priority map avvid , right?
and i must catch traffic besed on policy map based on dscp and make setting Cos to 4/6 on wireless output and 3/5 towead ethernet out.

and on switch trust dscp.

3) i am checking online and not able to find resource explaining which takes presedense over other , for example if i do priority map avvid and at the same time i make tagging with policy map , would they conflict each others….etc
unfortunately i am not able to test this with live capture RTP/SCCP traffic as i am using rack rental….

2. If it is Access port, then trusting DSCP or if you want to re-classify then policy map is the way to go. I haven’t test this scenario to see what happen with priority map avvid & without that.

3. I would suggest if you do policy map do it on the switch port where AP connected. In that way traffic coming from AP can be re-classify the way wanted.

NB: Unless if they ask to do such granular QoS on those configurations, I do not bother about it.. make sure you clarify with proctor exactly what they want you to do with this regards. It would be a time waste if you do such a thing in a situation they are not expecting such configuration….

As i’m studying for CCIE wireless, i found your posts so useful to me.

Regarding this lab, i got confused about the concept of the mapping happened of the AVVID.

1- As far as i understand, AVVID should take place where there are 802.11e tags comes and enters the Cisco network via the AP either from the wifi side “non-cisco wireless client” or from the wired side “any laptop could be connected to the bridge ethernet port”. In this case, there is a Cisco phone connected to the wired side of the bridge, this phone should be sending CoS tags that matches with the Cisco 802.11p classification. But since the AP will not know that info, it will do the AVVID conversion from the Cisco 802.11p “wired side” to the 802.11e “radio side”. Then, AAP1 will convert back from radio to wired. So, in this case, i could have disabled AVVID and the tags would have been preserved “since i don’t need the conversion/conversion-back that the AAP2/AAP1 will do”, am i right?

2- Regarding Talal 2nd question, if i just trusted the DSCP, on the switch ports for AAP1&2, then nothing is needed to be done on both APs and even no AVVID needed, right? why would i reclassify DSCP to CoS on AAP2? i think i can just depend on DSCP and that’s it. I’m right?